Protects company infrastructure and customers from zero-days and ransomware

Company Overview

GISA, a complete IT service provider, was founded in 1993 in the city of Halle, Germany. With sites throughout the country, it has more than 660 employees.

The company lives by the motto, "IT. Beyond default." and offers process- and IT-consulting services, and develops and implements innovative IT solutions. In addition, GISA provides a range of services, from hosting to outsourcing of complete business processes and IT infrastructures. To support this, the company operates one of the most powerful data center networks in Germany.

"The Trend Micro solution offers us a state-of-the-art product that protects from targeted attacks, unknown malicious codes, and last but not least, the threat of ransomware"

Steven Peter Beer, Network Manager and Operative Security Team Manager

Challenges

"To ensure that our competence is not just a promise and so that we are able to confidently provide for our customers' entire IT environment, we have equipped our data centers with the best possible security," explains Steven Peter Beer, Network Manager and Operative Security Team Manager. He continues, "Our entire IT network of data centers is certified according to the stipulations of the German Federal Office for Information Security (BSI). Furthermore, GISA's ISMS is natively certified to ISO 27001."

According to the network manager, customers of GISA include companies from the energy industry, service and industrial sectors, and clients from the public sector. These customers pose special challenges because of their particular requirements, such as no security breaches if the public sector lets GISA handle all hosting.

To ensure a secure data center network, GISA has long relied on classic safeguards such as a firewall with IDS and a content scanner for web and mail to filter out malicious code and attacks using known patterns. However, identifying new malicious code and targeted attacks is becoming increasingly difficult because traditional patterns are of limited use these days. "It is theoretically possible that unknown malicious codes can still infiltrate company networks," according to the security team's manager. "Even if customers are not affected, the malware is difficult to find, requiring many resources." Furthermore, targeted attacks sent via email with ransomware attachments and infected URLs are making daily headlines.

To proactively take on these new threats, GISA decided to improve its security situation, not only for itself, but in the interest of its customers’ growing needs. "We came to the conclusion that we needed a solution to protect customers from targeted attacks, detect zero-days and unknown malicious codes, and last but not least, safeguard from the threat of ransomware," explains Beer.

"The solution operates autonomously so that we need significantly fewer resources to supply the connected security systems with information on threats, and we have much greater assurance that nothing bad will happen"

Steven Peter Beer, Network Manager and Operative Security Team Manager

Why Trend Micro

In 2015, after conducting thorough market research, GISA chose Trend Micro Deep Discovery. "Trend Micro is the ideal solution for us and our requirements. We need more than the standard when it comes to security," emphasizes the manager of the Operative Security Team. "That is why we chose a state-of-the-art product."

Solution

By using Deep Discovery Inspector and Deep Discovery Analyzer, today's disguised and targeted attacks can be detected in real time, and then analyzed and flexibly thwarted. GISA has implemented the solution throughout its entire data center network to protect not only its own infrastructure, but also its customers from ransomware and zero-days. As an additional service, customers can also use Deep Discovery Inspector for their IP space. The benefits are a sandbox designed to support the standard client, and with it optimal detection and a low false positive rate customized to the environment.

Deep Discovery Analyzer's scalable sandbox solution keeps pace with the number of threats originating from email systems, networks, endpoints, and any other sources.

Results

Only two weeks after implementation, GISA confirmed that their decision to use Trend Micro was most definitely the right one. "This was at the time when there was a huge wave of ransomware associated with the Locky virus," reports Beer. "We did not have any incidents, which is unfortunately something not many companies can say."

The solution operates autonomously, analyzes the data, and automatically distributes the results. IT departments that previously had to check which systems were affected by a threat, whether a response was necessary, or whether rules should be entered manually now need fewer resources in such cases. "We now have greater assurance that nothing bad will happen," emphasizes the manager.

Additionally, Beer highlights the benefits of the Control Manager. It provides centralized, user-specific management for threat detection and data protection. It then relays the information in the form of blacklists to other instances in the Trend Micro solution and to existing third-party products, closing the security loop.

Furthermore, the team's manager appreciates the solution's reporting functions for both the company itself and its customers. "In the past we could only view the security status of our systems with the known threats," he explained. "We couldn't detect 15% to 20% of the threats. The new solution gives us an overview of the entire situation so we can respond accordingly." Moreover, it is now possible to better assess data traffic risks in the data center.

Finally, the Trend Micro solution ensures that GISA fulfills compliance requirements. Those responsible can see if security policies are violated and can trigger processes to remedy this, emphasizes Beer.

Last but not least, Beer underscores the good teamwork GISA experienced with its implementation partner, Krick Systemhaus, Krick GmbH & Co.KG. "Krick experts needed only two days for implementation and configuration of the rulesets. Deep Discovery has run smoothly since then."